User Profile

NoobieInfoSec

Copper Contributor

Joined 4 years ago

7 Posts

View All Badges

User Widgets

Recent Discussions

Using IIS Crypto Tool on Windows 10 Enterprise Workstations?
I have a few Windows 10 enterprise workstations (not servers) that we use RDP on. Running a Nessus scan on these machines shows some medium to high cryptography vulnerabilities (Deprecated TLS and weak cipher suites, vulnerable to sweet 32) on port 3389 for RDP. My research tells me that one way to remediate this is to use the IIS Crypto tool. This tool was made for windows server, but can I still use it on workstations? Or is there another way I should do this?
Sep 12, 2022 Place Windows security
5.5KViews
0likes
0Comments
Re: Risky Sign-in Report - Where to see or adjust the settings?
Sure, I will test these out - thank you! Is there a way for us to configure how risky sign in works? Like turn certain features ON or OFF?
Sep 01, 2022 Place Microsoft Defender XDR
3.7KViews
0likes
1Comment
Risky Sign-in Report - Where to see or adjust the settings?
We are seeing some inconsistencies with our Risky Sign-in reports. For example, we'll have multiple users who travel over seas, logging in from foreign IP addresses for the first time, and some will get flagged as a risky sign in while others won't. We had one US based user in particular who travelled in Eastern Europe for a month and was never flagged for risky sign ons. Is there a way to see and or adjust the settings/criterion for how the risky sign-in reports work?
Solved
Sep 01, 2022 Place Microsoft Defender XDR
alerts
3.8KViews
0likes
3Comments
Ability to calibrate or see Risky Sign-in Report Logic?
We are seeing some inconsistencies with our Risky Sign-in reports. For example, we'll have multiple users who travel over seas, logging in from foreign IP addresses for the first time, and some will get flagged as a risky sign in while others won't. We had one US based user in particular who travelled in Eastern Europe for a month and was never flagged for risky sign ons. Is there a way to see and or adjust the settings/criterion for how these reports work?
Aug 30, 2022 Place Microsoft Security
microsoft 365 defender
microsoft defender for identity
security
870Views
0likes
0Comments
Re: Microsoft Sentinel Potentially malicious events - Flagging as Safe/Informational?
Thanks. I think I have found an OK solution to creating an alert when this specific event happens. I just want to clarify though that there is no way to remove this potentially malicious event from showing up on the map like it does though, right? Even if we flag this IP Address or Coordinates as safe?
Aug 30, 2022 Place Microsoft Sentinel
1.7KViews
0likes
1Comment
Microsoft Sentinel Potentially malicious events - Flagging as Safe/Informational?
Is there a way to change the status of a potentially malicious event as safe so it no longer shows up on the map? Also, is there a way to create some logic in Sentinel to say if any activity comes from a specific IP Address (like the one showing up in the potentially malicious event) to NOT show up on the map and instead just give an informational alert that it happened? I started to try and create a rule to do this (see below) but not sure if I'm going about it the correct way.
Solved
Aug 29, 2022 Place Microsoft Sentinel
siem
2KViews
0likes
3Comments
Impossible Travel - Bouncing IPS within same minute?
Can someone help me understand what's going on here? I doubt it's malicious activity but why is the IP Address bouncing back and forth between Ireland and Portugal like this?
Aug 17, 2022 Place Microsoft Defender for Cloud Apps
alerts
545Views
0likes
0Comments

Recent Blog Articles

No content to show